If Windows XP SP2 firewall service is set to manual or disabled when Windows XP SP3 is applied, the Windows Firewall/Internet Connection Sharing (ICS) service and Security Cetner service will be changed to automatic startup.  This behavior is by design, for the purpose of increasing the security of Windows XP.

Everytime I setup a Microsoft 2003 Small Business Server or troubleshoot connectivity problems to the SBS server I have to lookup the ports that are required to pass through a firewall for proper communication to occur with the various SBS components.  Since I’m tired of Googling for them, I’ve decided to post them here for my quick reference.  Hopefully others will find this helpful as well:

SBS firewall ports

SMTP - port 25 – email

http - port 80 – web server including wwwroot and server usage and performance reports

https – port 443 – secure web server.  Includes OWA and OMA

Windows SharePoint Services intranet site – port 444 for allowing users to securely access the intranet Web site created by SharePoint Services from the Internet

PPTP - port 1723 – VPN connections

Remote Web Workplace (RWW)  - ports 443 and 4125

Remote Desktop (RDP direct) – port 3389.  If using RDP through RWW this is not required.

Other SBS ports

POP3 – port 110

IMAP – port 143

IMAPs – port 993

FTP – port 21

Microsoft has a web page that lists the various tools you can use to remotely administer a Windows Server system. The page lists each remote administration tool and the steps that are required to successfully use the tool with the Windows Firewall service enabled on the local or remote machine.

Firewall configuration details for the following remote administration tools are provided:

• Active Directory Domains and Trusts (Windows Firewall: domain)
• Active Directory Management (Windows Firewall: admgmt)
• Active Directory Schema Management (Windows Firewall: schmmgmt)
• Active Directory Sites and Services (Windows Firewall: dssite)
• Active Directory Users and Computers (Windows Firewall: dsa)
• Authorization Manager (Windows Firewall: azman)
• Certificate Templates (Windows Firewall: certtmpl)
• Certificates (Windows Firewall: certmgr)
• Certification Authority (Windows Firewall: certsrv)
• Certutil command (Windows Firewall: certutil)
• Cluster Administrator (Windows Firewall: cluadmin)
• Cluster command (Windows Firewall: cluster)
• Component Services (Windows Firewall: comexp)
• Computer Management (Windows Firewall: compmgmt)
• Connection Manager Administration Kit Binaries (Windows Firewall: cmbins)
• Connection Manager Administration Kit Wizard (Windows Firewall: cmak)
• Device Manager (Windows Firewall: devmgr)
• Dfscmd command (Windows Firewall: dfscmd)
• DHCP (Windows Firewall: dhcpmgmt)
• Directory Service Utilities (Windows Firewall: ntdsutil)
• Disk Defragmenter (Windows Firewall: dfrg)
• Disk Management (Windows Firewall: diskmgmt)
• Distributed File System (Windows Firewall: dfsgui)
• DNS Management (Windows Firewall: dnsmgmt)
• Dsadd command (Windows Firewall: dsadd)
• Dsget command (Windows Firewall: dsget)
• Dsmod command (Windows Firewall: dsmod)
• Dsmove command (Windows Firewall: dsmove)
• Dsquery command (Windows Firewall: dsquery)
• Dsrm command (Windows Firewall: dsrm)
• Event Viewer (Windows Firewall: eventvwr)
• Fax client console (Windows Firewall: fxsclnt)
• Fax Service Manager (Windows Firewall: fxsadmin)
• File Server Management (Windows Firewall: filesvr)
• Group Policy Object Editor (Windows Firewall: gpedit)
• IIS Application Management script (Windows Firewall: iisapp)
• IIS Backup script (Windows Firewall: iisback)
• IIS Configuration script (Windows Firewall: iiscnfg)
• IIS FTP script (Windows Firewall: iisftp)
• IIS FTP Virtual Directory script (Windows Firewall: iisftpdr)
• IIS Help script (Windows Firewall: iisschlp)
• IIS Service Extension script (Windows Firewall: iisext)
• IIS Virtual Directory script (Windows Firewall: iisvdir)
• IIS Web Management script (Windows Firewall: iisweb)
• Indexing Service (Windows Firewall: ciadv)
• Internet Authentication Service (Windows Firewall: iasmsc)
• Internet Information Services (IIS) Manager (Windows Firewall: iis)
• IP Security Monitor (Windows Firewall: ipsecmon)
• IP Security Policies (Windows Firewall: ipsecpol)
• Local Security Settings (Windows Firewall: secpol)
• Local Users and Groups (Windows Firewall: lusrmgr)
• Network Load Balancing Manager (Windows Firewall: nlbmgr)
• Network Monitor tools (Windows Firewall: netmon)
• Performance (Windows Firewall: perfmon)
• POP3 Service (Windows Firewall: p3server)
• Public Key Management (Windows Firewall: pkmgmt)
• Remote Desktops (Windows Firewall: tsmmc)
• Remote Storage (Windows Firewall: rsadmin)
• Removable Storage (Windows Firewall: ntmsmgr)
• Removable Storage Operator Requests (Windows Firewall: ntmsoprq)
• Resultant Set of Policy (Windows Firewall: rsop)
• Routing and Remote Access (Windows Firewall: rrasmgmt)
• Security Configuration and Analysis (Windows Firewall: sca)
• Services (Windows Firewall: services)
• Shared Folders (Windows Firewall: fsmgmt)
• Telephony (Windows Firewall: tapimgmt)
• Terminal Services Configuration (Windows Firewall: tscc)
• Terminal Services Manager (Windows Firewall: tsadmin)
• UDDI Services Console (Windows Firewall: uddi)
• Windows Management Infrastructure (Windows Firewall: wmimgmt)
• Windows Media Services (Windows Firewall: wmsadmin)
• Windows Server 2003 Administration Tools Pack (Windows Firewall: adminpak)
• WINS (Windows Firewall: winsmgmt)
• Wireless Monitor (Windows Firewall: wiremon)

Microsoft also has a guide to Windows firewall configuration by server role.

Thanks to David for the pointer to this article.

Mark Empson has published a nice list of firewall ports used by Windows Server 2008.

Nice reference Mark. I was just looking for a similar list for Windows Server 2003 R2 Domain Controllers, and had to pull the information from a variety of sources. I couldn’t find a nice summary like you’ve made.

Kiwi CatTools is a free (up to five devices) customizable utility that help network administrators automate configuration backups of their network devices such as routers and switches. It provides email notification and compare reports, highlighting configuration changes. Some of the features of CatTools includes:

• Instant or scheduled device configuration backups where any differences can be instantly emailed to you.
• Send CLI commands via Telnet or SSH to many devices at once.
• Change device configuration at scheduled times.
• Change all of your network device passwords at once.
• Generate various device reports such as Port, MAC, ARP and Version.
• Compare the startup and running configuration of devices.

All versions of CatTools have the same functionality. The extent of that functionality however is limited by the license you are running.

Freeware   Edition

Engineer   Edition

Professional   Edition

Enterprise Edition

Number of Devices in database

5

20

500

Unlimited

Number of Activities in database

5

20

50

Unlimited

Simultaneous TFTP sessions

2

 10

 20

100

Simultaneous Device connections

1

 5

 10

30

Check out the following screenshots of the product. My only disappointment with the product was that there was no Sonicwall firewall preconfigured template. Luckily, there’s detailed instructions on how to define your own devices and activities. The premise is if your device supports Telnet, SSH1, SSH1.5 (Cisco), or SSH2 connectivity, you should be able to script automatic backups and perform other activities on it.

See the list of supported devices and an overview of the pre-configured activities.

Having problems getting applications to work through your firewall or router? Use the online Port Forwarding Tester to determine if your device is properly configured to pass traffic through the appropriate ports.

This application will automatically detect the public IP address your browser is originating from, or you can specify the IP of your choice. Next, enter the port number to test, and press the check button. The web site will tell you if that port is opened or closed.

If you’re note sure how to open ports on your particular router, check out portforward.com. They have a detailed list of routers and firewalls with step by step directions on setting up port forwarding for different devices.

If you need more information on what port forwarding is and why you would want to enable it, start here or checkout the FAQ. There is also a list of common ports that may need to be opened in order for your particular application to function properly.